SonarQube - Static Tool to Analyse and Inspect Code Quality

There are many tools in the testing world to find out bugs and analyze the code after running or execution of the program. Such tools are called dynamic testing tool. There are only few static testing tools that analyze code and give us reports without any execution. We are going to see about one such tool called SonarQube here. Let's see what is it and how to do code inspection in a maven project.

SonarQube

It is an open-source tool used for continuous inspection of code quality. It helps in finding out bugs, code smells, code coverage, and security vulnerabilities. It provides detailed reports on coding standards, unit tests, code coverage, bugs, and security vulnerabilities. 

It supports all major programming languages like Java, Python, Ruby, etc. All supported lanuguages are listed here.

SonarQube with Maven

Let's dive directly to analysis steps in a Java+Maven project. 

Pre-requisites

• Docker
• Java
• Maven

Take a Docker Pull

SonarQube is available as a Docker image. All we need to do is take a pull and start the server in your local. Follow the below steps and start the server. 

docker pull sonarqube:latest

docker container run -d --name sonarqube -p 9000:9000 sonarqube:latest

The server runs in 9000 port. So it is mandatory to start the server in the same port. Now check the SonarQube dashboard here. Wait until you see this screen.

That's it. We are all set to use SonarQube in our project.

Run Scanner

After building your project, run the below command. 

xxxxxxxxxx

mvn sonar:sonar

Upon a successful build, you will be able to see these logs. Now as you see in logs, click on reports link to analyze the reports.

Analysis Reports

Bugs, vulnerabilities, code coverage, and security issues are in the dashboard. You can see a detailed report under the issues tab and measures tab.

Thanks for reading!! You can find a sample project here.